php: Enable ACL support for FPM (3e601e54) · Commits · nix / nixpkgs

This will allow authorizing extra processes like Prometheus exporter without having to run it as `listen.user` (or adding it `listen.group` and changing `listen.mode` to `0660`). It is disabled by default: https://www.php.net/manual/en/install.fpm.install.php but it has been available since PHP 5.6: https://github.com/php/php-src/commit/744ada7d9ddb7c0f37c494bf0e7636cb1ed6cb34 And Debian enables it too: https://salsa.debian.org/php-team/php/-/commit/153055e5e35b4e8fce0fc452d2052e5457242abd

pkgs/development/interpreters/php/generic.nix

+6 −1

Original line number	Diff line number	Diff line
		@@ -13,6 +13,7 @@ let
		makeBinaryWrapper,
		symlinkJoin,
		writeText,
		acl,
		autoconf,
		automake,
		bison,
		@@ -248,6 +249,7 @@ let

		# Enable sapis
		++ lib.optionals pearSupport [ libxml2.dev ]
		++ lib.optionals (fpmSupport && stdenv.hostPlatform.isLinux) [ acl ]

		# Misc deps
		++ lib.optional apxs2Support apacheHttpd
		@@ -268,7 +270,10 @@ let
		# Enable sapis
		++ lib.optional (!cgiSupport) "--disable-cgi"
		++ lib.optional (!cliSupport) "--disable-cli"
		++ lib.optional fpmSupport "--enable-fpm"
		++ lib.optionals fpmSupport [
		"--enable-fpm"
		(lib.withFeature stdenv.hostPlatform.isLinux "fpm-acl")
		]
		++ lib.optionals pearSupport [
		"--with-pear"
		"--enable-xml"